pppd daemon race condition could allow an attacker to gain elevated privileges
| pppd-race-condition (9738) |  Medium Risk |
Description:
The pppd daemon in multiple BSD implementations is vulnerable to a race condition that could allow a local attacker to gain elevated privileges. pppd daemon is one of the implementations of the Point-to-Point Protocol (PPP). The pppd program could open a specified file, record permissions and change the file permissions on a system file. This vulnerability could allow an attacker to acquire write permissions to system files and gain elevated privileges on the system.
Consequences:
Gain Privileges
Remedy:
For FreeBSD 4.0 through 4.6:
Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-02:32. See References.
— OR —
As a workaround, remove the suid bit from the pppd binary: # chmod u-s /usr/sbin/pppd
For NetBSD:
Refer to NetBSD Security Advisory 2002-010 for upgrade or workaround infomration. See References.
References:
- FreeBSD Security Advisory FreeBSD-SA-02:32.pppd: exploitable race condition in pppd.
- Full-Disclosure Mailing List, Mon Sep 16 2002 - 21:12:48 CDT: symlink race in pppd. (From Full-Disclosure Mailing List archive)
- BID-5355: Multiple Vendor BSD pppd Arbitrary File Permission Modification Race Condition Vulnerability
- CVE-2002-0824: BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
Platforms Affected:
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.6
- NetBSD NetBSD 1.4
- NetBSD NetBSD 1.4.1
- NetBSD NetBSD 1.4.2
- NetBSD NetBSD 1.4.3
- NetBSD NetBSD 1.5
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.3
- NetBSD NetBSD 1.6 beta
- NetBSD NetBSD CURRENT
- OpenBSD OpenBSD 3.0
- OpenBSD OpenBSD 3.1
Reported:
Jul 29, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net